package com.basics.framework.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * spring security配置
 *
 * @author basics
 */
@Configuration
@EnableGlobalMethodSecurity(
        prePostEnabled = true,
        securedEnabled = true
)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //先来这里认证一下
//    @Autowired
//    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//        auth.userDetailsService(myUserDetailsService).passwordEncoder(bCryptPasswordEncoder());
////        auth.authenticationProvider(new JwtAuthenticationProvider(myUserDetailsService));
//        super.configure(auth);
//    }

    /**
     * 解决 无法直接注入 AuthenticationManager
     *
     * @return
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * anyRequest | 匹配所有请求路径 access | SpringEl表达式结果为true时可以访问 anonymous | 匿名可以访问 denyAll | 用户不能访问 fullyAuthenticated |
     * 用户完全认证可以访问（非remember-me下自动登录） hasAnyAuthority | 如果有参数，参数表示权限，则其中任何一个权限可以访问 hasAnyRole |
     * 如果有参数，参数表示角色，则其中任何一个角色可以访问 hasAuthority | 如果有参数，参数表示权限，则其权限可以访问 hasIpAddress | 如果有参数，参数表示IP地址，如果用户IP和参数匹配，则可以访问
     * hasRole | 如果有参数，参数表示角色，则其角色可以访问 permitAll | 用户可以任意访问 rememberMe | 允许通过remember-me登录的用户访问 authenticated | 用户登录后可访问
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                // CRSF禁用，因为不使用session
                .csrf().disable()
                // 基于token，所以不需要session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // 过滤请求
                .authorizeRequests()
                // 对于登录login 验证码captchaImage 允许匿名访问
//                .antMatchers("/api/common/**").anonymous().antMatchers("/api/**").anonymous().antMatchers("/common/download/resource**").anonymous().antMatchers("/doc.html").anonymous()
                .antMatchers("/swagger-resources/**").anonymous().antMatchers("/webjars/**").anonymous().antMatchers("/*/api-docs").anonymous().antMatchers("/druid/**").anonymous()
                .antMatchers("/api/common/**").anonymous()
                .antMatchers("/api/**").anonymous().antMatchers("/static/**")
                .anonymous().antMatchers("/common/order/**")
                .anonymous().antMatchers("/msg/trade/**")
                .anonymous().antMatchers("/common/download/resource**").anonymous().antMatchers("/doc.html").anonymous()
                .antMatchers("/websocket/**").anonymous() .antMatchers("/wss/**").anonymous()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated().and().headers().frameOptions().disable();
//        httpSecurity.formLogin().successHandler(successHandler).permitAll();
        //清除缓存
//        httpSecurity.headers().cacheControl();
//        httpSecurity.addFilterBefore(new JWTAuthentication(), FilterSecurityInterceptor.class);
//        httpSecurity.exceptionHandling().accessDeniedHandler(accessDeniedHandler);

    }

//    @Bean
//    public LoginAuthenticationFilter authenticationFilter() throws Exception {
//        LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
//        authenticationFilter.setAuthenticationSuccessHandler(successHandler);
//        authenticationFilter.setAuthenticationManager(authenticationManagerBean());
//        return authenticationFilter;
//    }

    /**
     * 强散列哈希加密实现
     */
//    @Bean
//    public BCryptPasswordEncoder bCryptPasswordEncoder() {
//        return new BCryptPasswordEncoder();
//    }

//    @Bean
//    public FilterRegistrationBean registration(JWTAuthentication jwtAuthentication) {
//        FilterRegistrationBean registration = new FilterRegistrationBean(jwtAuthentication);
//        registration.setEnabled(false);
//        return registration;
//    }
}
